PhishGuru, SmishGuru & USBGuru Simulated Attacks

Our PhishGuru®, SmishGuru®, and USBGuru® simulated attack tools can help you gauge your employees’ understanding of the dangers associated with phishing, smishing, and USB attacks. Along with our CyberStrength® Knowledge Assessment, these simulated attacks deliver the important initial component of our Assess, Educate, Reinforce, Measure methodology and can protect your corporate systems from malware, spyware, and other dangerous software.

Through mock attacks, you can evaluate your organization’s level of susceptibility in a safe, controlled manner. You’ll get a sense of how your employees would respond to phishing and spear phishing emails, malicious SMS/text messages, and infected/unauthorized portable storage devices without exposing your network to an actual attack. This helps you establish a baseline understanding of how vulnerable your organization could be to these dangerous and pervasive threats.

Our reporting functions gather actionable data, and you can use the results of your mock attacks to evaluate how your employees’ behaviors could negatively impact the security of your networks, data, and systems. You can also use the results to plan and focus your future security awareness and training efforts.

PhishGuru, SmishGuru, and USBGuru utilize a scientifically proven methodology to collect detailed information about your organization’s vulnerabilities and prime your employees to learn how to avoid actual attacks. Any employee who falls for a mock attack is automatically presented with a Teachable Moment, which explains the situation and provides practical guidance and tips for future reference. This approach — which pairs simulated attacks with just-in-time teaching — is an excellent forerunner to our interactive training modules because it motivates and engages your employees. Our data has shown that employees who fall for a mock attack are up to 90% more likely to complete follow-up training.

PhishGuru Mock Phishing Attacks

Our PhishGuru anti-phishing software — which won a PC Magazine's Editor's Choice Award — allows you to use mock phishing messages to assess your organization’s susceptibility to an actual attack.

Key Benefits

Allows you to safely expose your employees to phishing techniques and gauge vulnerabilities.

Offers a Random Scheduling option, which spreads out and randomizes the distribution of emails. This helps to minimize the impact to your email servers and IT helpdesk, and it also reduces the chances that employees will figure out — and discuss — the mock attacks, which helps to preserve the integrity of your phishing data.

Allows you to automatically assign targeted training via our exclusive Auto-Enrollment feature. With this convenient and effective administrative tool, any employee who falls for a simulated attack can be assigned the training module(s) of your choice.

Provides extensive analytics and reporting about employee responses to various attack scenarios. You’ll also know whether employees fell for an attack through a mobile phone, a tablet, or a computer; the browsers they were using; and their locations when they fell for the attack.

Gets employees thinking about best practices and how to respond to future threats.

Sets the stage and makes employees more receptive to in-depth training.

SmishGuru Mock SMS Attacks

Our latest simulated attack program, SmishGuru is the first and only solution that allows you to send mock smishing messages to assess your organization’s susceptibility to actual malicious SMS/text messages.

Key Benefits

Allows you to safely expose your employees to smishing techniques and gauge vulnerabilities

Mitigates the risks your organization faces from careless use of mobile devices

Gets employees thinking about best practices and how to respond to future threats

Sets the stage and makes employees more receptive to in-depth training

USBGuru Memory Device Mock Attacks

USBGuru allows you to test employees on a pervasive and dangerous threat vector: infected removable memory devices. You use our cloud-based interface to easily create a custom executable file with a brief training message embedded in the file. The file is then loaded onto USB devices that can be randomly placed throughout your organization — just waiting to be plugged in.

Key Benefits

Allows you to safely introduce your employees to the concept of infected USB drives and gauge vulnerabilities

Gets employees thinking about best practices and how to respond to future attacks

Sets the stage and makes employees more receptive to in-depth training

Teachable Moments

Employees who fall for a simulated attack are automatically presented with a unique Teachable Moment. This just-in-time teaching approach is a great way to set the stage for future in-depth training and motivates employees to learning best practices and exhibit safe behaviors.

The customizable, 15- to 30-second Teachable Moments alert employees about the mock attack, explain the dangers associated with real attacks, and give practical advice and tips they can use to avoid future traps. You can select from three different teaching methods:

Single-panel comic strip

Multi-panel illustration

Customizable landing page

Alternately, you can redirect to your internal training (available for PhishGuru and SmishGuru).

Training: The Next Step

Our mock attacks are most effective when paired with our interactive training. These 10- to 15-minute educational modules offer brief but focused training about key security topics introduced to your employees during your simulated attacks. Education is a logical and effective next step, and our training is based on proven Learning Science Principles that lengthen knowledge retention and drive behavior change.

Connecting these components of our Assess, Educate, Reinforce, Measure methodology can dramatically improve the efficacy of your security awareness and training program. Integration between mock attacks and education has been shown to increase completion rates five- to tenfold. Our data has shown that employees who fall for mock attacks are up to 90% more likely to complete follow-up training. By taking advantage of this opportunity to integrate simulated attacks and training, you can significantly improve the efficacy of your program and further reduce your risks.